ch-gr opened a new issue, #12888: URL: https://github.com/apache/apisix/issues/12888
### Description This is a follow up to [Bishnup1995](https://github.com/Bishnup1995)'s question regarding creating consumers from the openid-connect plugin - #11015 I've created a plugin that parses the oidc identity token from the X-ID-Token header that the openid-connect plugin adds after succesfull authentication. The plugin configuration allows me to specify oidc role -> consumer mappings for the route, i.e. ```yaml uris: - /hello plugins: oidc-consumer: consumers: - id: read-only-user oidc-roles: - standard-user - id: admin-user oidc-roles: - super-user ``` If a token role matches, the relevant consumer is attached to the request by calling the following function: ```lua -- Attach an ephemeral consumer to the request context -- https://github.com/apache/apisix/issues/11015#issuecomment-2994693291 -- -- Note: Consumer groups cannot added in this way, as they must be registered -- via the consumer_groups module, which is system-wide, not request-scoped. -- local consumer_mod = require("apisix.consumer") local function attach_consumer(ctx, consumer_id, username) local apisix_consumer_conf = { conf_version = "oidc-tmp-consumer" } local apisix_consumer = { -- Properties required by plugin.lua's _M.merge_consumer_route id = consumer_id, modifiedIndex = 0, consumer_name = consumer_id, -- Optional value for request header X-Credential-Identifier credential_id = consumer_id, -- Optional value for request header X-Consumer-Username username = username, } consumer_mod.attach_consumer(ctx, apisix_consumer, apisix_consumer_conf) end ``` Is this a valid approach? Should this be handled differently? Thanks! ### Environment - APISIX version (run `apisix version`): 3.14.1 - Operating system (run `uname -a`): Linux apisix-cc56488df-kzmnn 6.12.55-74.119.amzn2023.x86_64 #1 SMP PREEMPT_DYNAMIC - OpenResty / Nginx version (run `openresty -V` or `nginx -V`): openresty/1.27.1.2 - etcd version, if relevant (run `curl http://127.0.0.1:9090/v1/server_info`): - APISIX Dashboard version, if relevant: - Plugin runner version, for issues related to plugin runners: - LuaRocks version, for installation issues (run `luarocks --version`): -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
